| |
| |||||||
Log-Analyse und Auswertung: Unbekannten Trojaner von Freund aufgespieltWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.03.2013, 23:49
| #1 |
 |  Unbekannten Trojaner von Freund aufgespielt So ist mein erster Beitrag hier, hoffe ich mache alles richtig  Mein Problem ist folgendes, ein Onlinekontakt mit dem ich in der Vergangenheit schon viel Code/Progrämmschen ausgetauscht hab, hat mir per Skype einen Trojaner geschickt. Das Ursprungsprogramm hat sich selbst gelöscht und iwo eine unter random namen und position (lt. ihm einen trojaner erzeugt). Danach konnte er per Remote Shell auf meinen Pc zugreifen. Iwie konnte ich das aber unterbinden und ihm dann angeblich die Verbindung kappen... Mein Norten hat das herunterladen von Dateien durch ihn verhindert, allerdings wurde nach dem ich heute morgen wieder gestartet habe, wieder eine neue unvollständige exe gefunden(wie nach jedem seiner Versuche^^). Er ist das We nicht zu Hause und meinte er kann das Virus deshalb nicht löschen und es hätte lt ihm sowieso nicht mehr mit ihm connected.... Ich hoffe ihr könnt mir helfen das Problemschen zu lösen  Also habe ich hier mal alles Schritt für Schritt gemacht, die Logs findet ihr im Anhang So danke im vorraus für eure Hilfe Lg-medicus PS: Mein Norten hat auch beim komplett Scan keine Viren gefunden  |
|
10.03.2013, 21:14
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Unbekannten Trojaner von Freund aufgespielt Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
11.03.2013, 00:30
| #3 | |
| | Unbekannten Trojaner von Freund aufgespielt Danke für die Antwort
__________________Zitat:
 Also muss ich es dir leider in einer zip datei anhängen, ich hoffe das macht nicht zu viel mehr Aufwand. Etwas genauer kann ich inzwischen sagen das er seine eigentlichen Trojaner nicht auf meinen Laptop bekommen hat(behauptet er zumindest). Mein Norton hat das wohl verhindert... Aber auf meine Remote Shell konnte er auf jedenfall zugreifen er hat mir Ausschnitte aus meiner Festplattenstruktur geschickt :/ Er bahauptet auch das kann er nicht mehr, aber sein Downloader/Trojaner existiert immernoch. Ich würde das Ding gerne loswerden.... Ich selbst programmiere schon lange hobbymäßig, er schulisch bedingt. Er hat dementsprechend etwas mehr drauf. Allerdings bin ich auch kein Noob  Leider habe ich mich immer von allem was illegal scheint ferngehalten, sonst könnte ich selbst was unternehmen. Jetzt brauche ich halt Hilfe von Profis  Vlt werde ich mich demnächst intensiver mit der Materie beschäftigen, falls ihr wieder Schüler aufnehmt wäre ich euch sehr dankbar LG-medicus |
|
11.03.2013, 10:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.03.2013, 16:25
| #5 |
| | Unbekannten Trojaner von Freund aufgespielt Danke für die Antwort Falls es dir das leichter macht werde ich versuchen die Logs auf mehrere Code Tags in mehreren Beiträgen verteilen. Direkt beim Start des Mbar Tools trat bereits eine Warnmeldung auf: hxxp://www.file-upload.net/download-7314857/warnung_mbar.PNG.html Soll ich weitermachen? Ich warte jetzt erstmal sicherheitshalber auf deine Antwort Von einem MalwareScan sah ich ab, da du sagtest, dass ich vorerst keine weiteren Scans machen soll. Bei Bedarf führe ich diesen gerne aus LG-medicus PS: Letzter Versuch über direkte Grafikaddresse bei einem anderen Hoster, hoffentlich ändern die die Urls nicht.  Geändert von medicus (11.03.2013 um 16:34 Uhr) Grund: Grafik einbinden funktionierte nciht :/ |
|
11.03.2013, 16:50
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt Bei der MBAR-Mledung auf nein klicken, dann normal weitermachen
__________________ --> Unbekannten Trojaner von Freund aufgespielt |
|
11.03.2013, 18:29
| #7 |
| | Unbekannten Trojaner von Freund aufgespielt So hier die Logs: Mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.11.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: MASTER-LAPTOP [administrator]
11.03.2013 17:32:56
mbar-log-2013-03-11 (17-32-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32367
Time elapsed: 36 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-11 18:00:32
-----------------------------
18:00:32.035 OS Version: Windows x64 6.1.7601 Service Pack 1
18:00:32.037 Number of processors: 4 586 0x2A07
18:00:32.039 ComputerName: MASTER-LAPTOP UserName: Phil
18:00:33.999 Initialize success
18:00:49.213 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:00:49.218 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
18:00:49.241 Disk 0 MBR read successfully
18:00:49.248 Disk 0 MBR scan
18:00:49.254 Disk 0 Windows 7 default MBR code
18:00:49.272 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
18:00:49.290 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
18:00:49.302 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 694822 MB offset 42149888
18:00:49.317 Disk 0 scanning C:\Windows\system32\drivers
18:00:56.163 Service scanning
18:01:22.586 Modules scanning
18:01:22.603 Disk 0 trace - called modules:
18:01:22.631 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:01:22.641 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a617060]
18:01:22.656 3 CLASSPNP.SYS[fffff88001e9b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80080ff050]
18:01:22.669 Scan finished successfully
18:01:56.793 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Documents\upload\MBR.dat"
18:01:56.805 The log file has been saved successfully to "C:\Users\Phil\Documents\upload\aswMBR.txt"
Code:
ATTFilter 18:04:19.0147 7692 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:04:20.0503 7692 ============================================================
18:04:20.0503 7692 Current date / time: 2013/03/11 18:04:20.0503
18:04:20.0503 7692 SystemInfo:
18:04:20.0503 7692
18:04:20.0503 7692 OS Version: 6.1.7601 ServicePack: 1.0
18:04:20.0503 7692 Product type: Workstation
18:04:20.0503 7692 ComputerName: MASTER-LAPTOP
18:04:20.0503 7692 UserName: Phil
18:04:20.0503 7692 Windows directory: C:\Windows
18:04:20.0503 7692 System windows directory: C:\Windows
18:04:20.0503 7692 Running under WOW64
18:04:20.0504 7692 Processor architecture: Intel x64
18:04:20.0504 7692 Number of processors: 4
18:04:20.0504 7692 Page size: 0x1000
18:04:20.0504 7692 Boot type: Normal boot
18:04:20.0504 7692 ============================================================
18:04:21.0693 7692 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:21.0704 7692 ============================================================
18:04:21.0704 7692 \Device\Harddisk0\DR0:
18:04:21.0704 7692 MBR partitions:
18:04:21.0704 7692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
18:04:21.0704 7692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x54D13000
18:04:21.0704 7692 ============================================================
18:04:21.0745 7692 C: <-> \Device\Harddisk0\DR0\Partition2
18:04:21.0745 7692 ============================================================
18:04:21.0746 7692 Initialize success
18:04:21.0746 7692 ============================================================
18:05:01.0009 6384 ============================================================
18:05:01.0009 6384 Scan started
18:05:01.0009 6384 Mode: Manual; SigCheck; TDLFS;
18:05:01.0009 6384 ============================================================
18:05:01.0449 6384 ================ Scan system memory ========================
18:05:01.0449 6384 System memory - ok
18:05:01.0450 6384 ================ Scan services =============================
18:05:01.0836 6384 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:05:02.0045 6384 1394ohci - ok
18:05:02.0098 6384 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:05:02.0152 6384 ACPI - ok
18:05:02.0219 6384 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:05:02.0311 6384 AcpiPmi - ok
18:05:02.0443 6384 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
18:05:02.0475 6384 AdobeActiveFileMonitor9.0 - ok
18:05:02.0553 6384 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:02.0582 6384 AdobeARMservice - ok
18:05:02.0741 6384 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:02.0777 6384 AdobeFlashPlayerUpdateSvc - ok
18:05:02.0834 6384 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:05:02.0884 6384 adp94xx - ok
18:05:02.0950 6384 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:05:02.0993 6384 adpahci - ok
18:05:03.0035 6384 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:05:03.0070 6384 adpu320 - ok
18:05:03.0116 6384 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:05:03.0353 6384 AeLookupSvc - ok
18:05:03.0430 6384 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:05:03.0521 6384 AFD - ok
18:05:03.0574 6384 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:05:03.0604 6384 agp440 - ok
18:05:03.0863 6384 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
18:05:03.0864 6384 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
18:05:03.0887 6384 Akamai ( HiddenFile.Multi.Generic ) - warning
18:05:03.0888 6384 Akamai - detected HiddenFile.Multi.Generic (1)
18:05:03.0950 6384 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:05:04.0006 6384 ALG - ok
18:05:04.0063 6384 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:05:04.0091 6384 aliide - ok
18:05:04.0099 6384 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:05:04.0127 6384 amdide - ok
18:05:04.0154 6384 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:05:04.0238 6384 AmdK8 - ok
18:05:04.0248 6384 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:05:04.0304 6384 AmdPPM - ok
18:05:04.0370 6384 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:05:04.0401 6384 amdsata - ok
18:05:04.0413 6384 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:05:04.0449 6384 amdsbs - ok
18:05:04.0475 6384 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:05:04.0503 6384 amdxata - ok
18:05:04.0606 6384 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
18:05:04.0649 6384 AppHostSvc - ok
18:05:04.0697 6384 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:05:04.0886 6384 AppID - ok
18:05:04.0937 6384 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:05:05.0056 6384 AppIDSvc - ok
18:05:05.0106 6384 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:05:05.0211 6384 Appinfo - ok
18:05:05.0265 6384 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:05:05.0297 6384 arc - ok
18:05:05.0308 6384 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:05:05.0339 6384 arcsas - ok
18:05:05.0465 6384 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:05:05.0503 6384 aspnet_state - ok
18:05:05.0567 6384 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:05.0686 6384 AsyncMac - ok
18:05:05.0742 6384 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:05:05.0770 6384 atapi - ok
18:05:05.0846 6384 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:05:05.0973 6384 AudioEndpointBuilder - ok
18:05:05.0993 6384 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:05:06.0106 6384 AudioSrv - ok
18:05:06.0169 6384 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:05:06.0287 6384 AxInstSV - ok
18:05:06.0362 6384 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:05:06.0424 6384 b06bdrv - ok
18:05:06.0491 6384 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:05:06.0580 6384 b57nd60a - ok
18:05:06.0689 6384 [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
18:05:06.0727 6384 b57xdbd - ok
18:05:06.0745 6384 [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
18:05:06.0768 6384 b57xdmp - ok
18:05:06.0849 6384 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:05:06.0885 6384 BBSvc - ok
18:05:06.0989 6384 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:05:07.0033 6384 BBUpdate - ok
18:05:07.0056 6384 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:05:07.0105 6384 BDESVC - ok
18:05:07.0168 6384 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:05:07.0316 6384 Beep - ok
18:05:07.0389 6384 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:05:07.0519 6384 BFE - ok
18:05:07.0776 6384 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
18:05:07.0866 6384 BHDrvx64 - ok
18:05:07.0920 6384 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:05:08.0072 6384 BITS - ok
18:05:08.0133 6384 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:05:08.0228 6384 blbdrive - ok
18:05:08.0260 6384 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:05:08.0318 6384 bowser - ok
18:05:08.0334 6384 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:05:08.0375 6384 BrFiltLo - ok
18:05:08.0397 6384 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:05:08.0438 6384 BrFiltUp - ok
18:05:08.0497 6384 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:05:08.0533 6384 Browser - ok
18:05:08.0569 6384 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:05:08.0633 6384 Brserid - ok
18:05:08.0655 6384 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:05:08.0714 6384 BrSerWdm - ok
18:05:08.0744 6384 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:05:08.0793 6384 BrUsbMdm - ok
18:05:08.0821 6384 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:05:08.0869 6384 BrUsbSer - ok
18:05:08.0939 6384 [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
18:05:08.0962 6384 bScsiMSa - ok
18:05:09.0009 6384 [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
18:05:09.0034 6384 bScsiSDa - ok
18:05:09.0058 6384 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:05:09.0113 6384 BTHMODEM - ok
18:05:09.0180 6384 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:05:09.0278 6384 bthserv - ok
18:05:09.0411 6384 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys
18:05:09.0442 6384 ccSet_NIS - ok
18:05:09.0503 6384 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:05:09.0609 6384 cdfs - ok
18:05:09.0670 6384 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:05:09.0716 6384 cdrom - ok
18:05:09.0768 6384 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:05:09.0886 6384 CertPropSvc - ok
18:05:09.0941 6384 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:05:09.0980 6384 circlass - ok
18:05:10.0061 6384 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:05:10.0105 6384 CLFS - ok
18:05:10.0153 6384 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:10.0180 6384 clr_optimization_v2.0.50727_32 - ok
18:05:10.0221 6384 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:05:10.0248 6384 clr_optimization_v2.0.50727_64 - ok
18:05:10.0346 6384 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:10.0374 6384 clr_optimization_v4.0.30319_32 - ok
18:05:10.0398 6384 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:05:10.0443 6384 clr_optimization_v4.0.30319_64 - ok
18:05:10.0492 6384 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:05:10.0537 6384 CmBatt - ok
18:05:10.0554 6384 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:05:10.0582 6384 cmdide - ok
18:05:10.0639 6384 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:05:10.0703 6384 CNG - ok
18:05:10.0726 6384 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:05:10.0755 6384 Compbatt - ok
18:05:10.0783 6384 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:05:10.0840 6384 CompositeBus - ok
18:05:10.0867 6384 COMSysApp - ok
18:05:10.0899 6384 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:05:10.0927 6384 crcdisk - ok
18:05:10.0989 6384 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:05:11.0042 6384 CryptSvc - ok
18:05:11.0133 6384 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:05:11.0200 6384 cvhsvc - ok
18:05:11.0287 6384 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:05:11.0413 6384 DcomLaunch - ok
18:05:11.0486 6384 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:05:11.0600 6384 defragsvc - ok
18:05:11.0662 6384 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:05:11.0763 6384 DfsC - ok
18:05:11.0827 6384 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
18:05:11.0857 6384 dg_ssudbus - ok
18:05:11.0924 6384 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:05:12.0005 6384 Dhcp - ok
18:05:12.0073 6384 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:05:12.0181 6384 discache - ok
18:05:12.0241 6384 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:05:12.0272 6384 Disk - ok
18:05:12.0303 6384 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:05:12.0359 6384 Dnscache - ok
18:05:12.0386 6384 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:05:12.0502 6384 dot3svc - ok
18:05:12.0538 6384 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:05:12.0643 6384 DPS - ok
18:05:12.0694 6384 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:05:12.0746 6384 drmkaud - ok
18:05:12.0839 6384 [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:05:12.0878 6384 DsiWMIService - ok
18:05:12.0932 6384 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:05:13.0005 6384 DXGKrnl - ok
18:05:13.0039 6384 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:05:13.0150 6384 EapHost - ok
18:05:13.0275 6384 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:05:13.0459 6384 ebdrv - ok
18:05:13.0547 6384 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:05:13.0597 6384 eeCtrl - ok
18:05:13.0640 6384 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:05:13.0700 6384 EFS - ok
18:05:13.0765 6384 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:05:13.0841 6384 ehRecvr - ok
18:05:13.0902 6384 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:05:13.0956 6384 ehSched - ok
18:05:14.0017 6384 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:05:14.0068 6384 elxstor - ok
18:05:14.0154 6384 [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
18:05:14.0219 6384 ePowerSvc - ok
18:05:14.0275 6384 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe
18:05:14.0305 6384 EpsonScanSvc - ok
18:05:14.0368 6384 EraserUtilDrv11220 - ok
18:05:14.0408 6384 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:05:14.0437 6384 EraserUtilRebootDrv - ok
18:05:14.0455 6384 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:05:14.0501 6384 ErrDev - ok
18:05:14.0580 6384 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:05:14.0704 6384 EventSystem - ok
18:05:14.0750 6384 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:05:14.0848 6384 exfat - ok
18:05:14.0868 6384 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:05:14.0978 6384 fastfat - ok
18:05:15.0042 6384 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:05:15.0115 6384 Fax - ok
18:05:15.0143 6384 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:05:15.0188 6384 fdc - ok
18:05:15.0233 6384 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:05:15.0329 6384 fdPHost - ok
18:05:15.0348 6384 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:05:15.0457 6384 FDResPub - ok
18:05:15.0491 6384 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:05:15.0522 6384 FileInfo - ok
18:05:15.0529 6384 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:05:15.0632 6384 Filetrace - ok
18:05:15.0789 6384 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
18:05:15.0882 6384 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:05:15.0883 6384 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:05:15.0909 6384 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:05:15.0942 6384 flpydisk - ok
18:05:15.0997 6384 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:05:16.0036 6384 FltMgr - ok
18:05:16.0136 6384 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:05:16.0211 6384 FontCache - ok
18:05:16.0255 6384 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:16.0280 6384 FontCache3.0.0.0 - ok
18:05:16.0295 6384 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:05:16.0324 6384 FsDepends - ok
18:05:16.0387 6384 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:05:16.0415 6384 Fs_Rec - ok
18:05:16.0477 6384 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:05:16.0522 6384 fvevol - ok
18:05:16.0562 6384 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:05:16.0592 6384 gagp30kx - ok
18:05:16.0672 6384 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:05:16.0703 6384 GamesAppService - ok
18:05:16.0780 6384 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:05:16.0898 6384 gpsvc - ok
18:05:16.0981 6384 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
18:05:17.0005 6384 GREGService - ok
18:05:17.0072 6384 Guard.Mail.ru - ok
18:05:17.0137 6384 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:17.0163 6384 gupdate - ok
18:05:17.0294 6384 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:17.0318 6384 gupdatem - ok
18:05:17.0371 6384 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:05:17.0394 6384 hamachi - ok
18:05:17.0532 6384 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:05:17.0671 6384 Hamachi2Svc - ok
18:05:17.0709 6384 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:05:17.0752 6384 hcw85cir - ok
18:05:17.0812 6384 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:17.0880 6384 HdAudAddService - ok
18:05:17.0932 6384 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:05:17.0995 6384 HDAudBus - ok
18:05:18.0019 6384 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:05:18.0070 6384 HidBatt - ok
18:05:18.0088 6384 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:05:18.0146 6384 HidBth - ok
18:05:18.0179 6384 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:05:18.0220 6384 HidIr - ok
18:05:18.0245 6384 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:05:18.0350 6384 hidserv - ok
18:05:18.0410 6384 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:05:18.0444 6384 HidUsb - ok
18:05:18.0477 6384 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:05:18.0594 6384 hkmsvc - ok
18:05:18.0606 6384 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:18.0651 6384 HomeGroupListener - ok
18:05:18.0683 6384 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:18.0731 6384 HomeGroupProvider - ok
18:05:18.0773 6384 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:05:18.0803 6384 HpSAMD - ok
18:05:18.0861 6384 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:05:19.0008 6384 HTTP - ok
18:05:19.0039 6384 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:05:19.0067 6384 hwpolicy - ok
18:05:19.0121 6384 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:05:19.0156 6384 i8042prt - ok
18:05:19.0222 6384 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
18:05:19.0268 6384 iaStor - ok
18:05:19.0361 6384 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:05:19.0384 6384 IAStorDataMgrSvc - ok
18:05:19.0440 6384 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:05:19.0485 6384 iaStorV - ok
18:05:19.0617 6384 [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
18:05:19.0650 6384 ICQ Service - ok
18:05:19.0711 6384 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:19.0773 6384 idsvc - ok
18:05:19.0912 6384 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130308.001\IDSvia64.sys
18:05:19.0958 6384 IDSVia64 - ok
18:05:20.0382 6384 [ 9937600A1584FF00565D5379EB4C9EDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:05:20.0940 6384 igfx - ok
18:05:21.0004 6384 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:05:21.0027 6384 iirsp - ok
18:05:21.0066 6384 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:05:21.0187 6384 IKEEXT - ok
18:05:21.0243 6384 [ CAA8BC6737DFA3BF1A50175CFB226788 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
18:05:21.0277 6384 InputFilter_Hid_FlexDef2b - ok
18:05:21.0410 6384 [ 1CE438B31551746AB450D8FFA403BDB5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:05:21.0564 6384 IntcAzAudAddService - ok
18:05:21.0633 6384 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:05:21.0685 6384 IntcDAud - ok
18:05:21.0704 6384 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:05:21.0732 6384 intelide - ok
18:05:21.0784 6384 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:05:21.0832 6384 intelppm - ok
18:05:21.0883 6384 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:05:21.0991 6384 IPBusEnum - ok
18:05:22.0018 6384 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:22.0111 6384 IpFilterDriver - ok
18:05:22.0162 6384 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:05:22.0248 6384 iphlpsvc - ok
18:05:22.0286 6384 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:05:22.0333 6384 IPMIDRV - ok
18:05:22.0342 6384 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:05:22.0445 6384 IPNAT - ok
18:05:22.0495 6384 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:05:22.0556 6384 IRENUM - ok
18:05:22.0578 6384 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:05:22.0606 6384 isapnp - ok
18:05:22.0629 6384 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:05:22.0668 6384 iScsiPrt - ok
18:05:22.0743 6384 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:05:22.0783 6384 k57nd60a - ok
18:05:22.0840 6384 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:05:22.0869 6384 kbdclass - ok
18:05:22.0899 6384 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:05:22.0948 6384 kbdhid - ok
18:05:22.0986 6384 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:05:23.0018 6384 KeyIso - ok
18:05:23.0053 6384 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:05:23.0084 6384 KSecDD - ok
18:05:23.0095 6384 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:05:23.0130 6384 KSecPkg - ok
18:05:23.0154 6384 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:05:23.0258 6384 ksthunk - ok
18:05:23.0298 6384 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:05:23.0421 6384 KtmRm - ok
18:05:23.0481 6384 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:05:23.0592 6384 LanmanServer - ok
18:05:23.0623 6384 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:23.0732 6384 LanmanWorkstation - ok
18:05:23.0821 6384 [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
18:05:23.0851 6384 Live Updater Service - ok
18:05:23.0899 6384 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:05:24.0001 6384 lltdio - ok
18:05:24.0033 6384 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:05:24.0152 6384 lltdsvc - ok
18:05:24.0170 6384 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:05:24.0283 6384 lmhosts - ok
18:05:24.0374 6384 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:05:24.0413 6384 LMS - ok
18:05:24.0483 6384 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:05:24.0514 6384 LSI_FC - ok
18:05:24.0524 6384 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:05:24.0556 6384 LSI_SAS - ok
18:05:24.0565 6384 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:05:24.0594 6384 LSI_SAS2 - ok
18:05:24.0604 6384 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:05:24.0637 6384 LSI_SCSI - ok
18:05:24.0679 6384 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:05:24.0790 6384 luafv - ok
18:05:24.0931 6384 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
18:05:24.0967 6384 McComponentHostService - ok
18:05:25.0001 6384 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:05:25.0054 6384 Mcx2Svc - ok
18:05:25.0079 6384 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:05:25.0108 6384 megasas - ok
18:05:25.0167 6384 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:05:25.0207 6384 MegaSR - ok
18:05:25.0267 6384 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:05:25.0291 6384 MEIx64 - ok
18:05:25.0347 6384 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:05:25.0463 6384 MMCSS - ok
18:05:25.0498 6384 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:05:25.0609 6384 Modem - ok
18:05:25.0667 6384 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:05:25.0723 6384 monitor - ok
18:05:25.0752 6384 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:05:25.0781 6384 mouclass - ok
18:05:25.0800 6384 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:05:25.0851 6384 mouhid - ok
18:05:25.0873 6384 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:05:25.0908 6384 mountmgr - ok
18:05:25.0974 6384 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:05:26.0004 6384 MozillaMaintenance - ok
18:05:26.0041 6384 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:05:26.0074 6384 mpio - ok
18:05:26.0092 6384 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:05:26.0187 6384 mpsdrv - ok
18:05:26.0253 6384 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:05:26.0389 6384 MpsSvc - ok
18:05:26.0422 6384 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:05:26.0479 6384 MRxDAV - ok
18:05:26.0506 6384 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:26.0570 6384 mrxsmb - ok
18:05:26.0601 6384 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:26.0640 6384 mrxsmb10 - ok
18:05:26.0657 6384 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:26.0691 6384 mrxsmb20 - ok
18:05:26.0705 6384 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:05:26.0733 6384 msahci - ok
18:05:26.0744 6384 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:05:26.0777 6384 msdsm - ok
18:05:26.0814 6384 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:05:26.0871 6384 MSDTC - ok
18:05:26.0899 6384 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:05:27.0004 6384 Msfs - ok
18:05:27.0068 6384 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:05:27.0178 6384 mshidkmdf - ok
18:05:27.0199 6384 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:05:27.0227 6384 msisadrv - ok
18:05:27.0289 6384 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:05:27.0406 6384 MSiSCSI - ok
18:05:27.0415 6384 msiserver - ok
18:05:27.0470 6384 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:05:27.0577 6384 MSKSSRV - ok
18:05:27.0604 6384 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:27.0715 6384 MSPCLOCK - ok
18:05:27.0760 6384 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:05:27.0869 6384 MSPQM - ok
18:05:27.0907 6384 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:05:27.0957 6384 MsRPC - ok
18:05:27.0969 6384 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:05:27.0998 6384 mssmbios - ok
18:05:28.0096 6384 MSSQL$SQLEXPRESS - ok
18:05:28.0152 6384 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:05:28.0181 6384 MSSQLServerADHelper100 - ok
18:05:28.0213 6384 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:05:28.0319 6384 MSTEE - ok
18:05:28.0328 6384 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:05:28.0360 6384 MTConfig - ok
18:05:28.0382 6384 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:05:28.0411 6384 Mup - ok
18:05:28.0452 6384 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:05:28.0573 6384 napagent - ok
18:05:28.0641 6384 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:05:28.0708 6384 NativeWifiP - ok
18:05:28.0787 6384 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
18:05:28.0838 6384 NAUpdate - ok
18:05:28.0988 6384 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130311.004\ENG64.SYS
18:05:29.0018 6384 NAVENG - ok
18:05:29.0113 6384 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130311.004\EX64.SYS
18:05:29.0234 6384 NAVEX15 - ok
18:05:29.0305 6384 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:05:29.0376 6384 NDIS - ok
18:05:29.0424 6384 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:29.0525 6384 NdisCap - ok
18:05:29.0570 6384 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:29.0663 6384 NdisTapi - ok
18:05:29.0671 6384 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:29.0777 6384 Ndisuio - ok
18:05:29.0789 6384 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:29.0895 6384 NdisWan - ok
18:05:29.0903 6384 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:05:29.0996 6384 NDProxy - ok
18:05:30.0053 6384 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:05:30.0165 6384 NetBIOS - ok
18:05:30.0177 6384 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:05:30.0276 6384 NetBT - ok
18:05:30.0319 6384 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:05:30.0351 6384 Netlogon - ok
18:05:30.0443 6384 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:05:30.0561 6384 Netman - ok
18:05:30.0601 6384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:05:30.0629 6384 NetMsmqActivator - ok
18:05:30.0637 6384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:05:30.0666 6384 NetPipeActivator - ok
18:05:30.0702 6384 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:05:30.0826 6384 netprofm - ok
18:05:30.0855 6384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:05:30.0883 6384 NetTcpActivator - ok
18:05:30.0892 6384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:05:30.0920 6384 NetTcpPortSharing - ok
18:05:31.0022 6384 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:05:31.0051 6384 nfrd960 - ok
18:05:31.0258 6384 [ 4BA84C832E0741A294C4444556DFE993 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
18:05:31.0287 6384 NIS - ok
18:05:31.0329 6384 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:05:31.0391 6384 NlaSvc - ok
18:05:31.0547 6384 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:05:31.0701 6384 NOBU - ok
18:05:31.0734 6384 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:05:31.0828 6384 Npfs - ok
18:05:31.0855 6384 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:05:31.0947 6384 nsi - ok
18:05:31.0967 6384 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:05:32.0049 6384 nsiproxy - ok
18:05:32.0133 6384 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:05:32.0223 6384 Ntfs - ok
18:05:32.0254 6384 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:05:32.0328 6384 Null - ok
18:05:33.0503 6384 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:34.0201 6384 nvlddmkm - ok
18:05:34.0346 6384 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
18:05:34.0371 6384 nvpciflt - ok
18:05:34.0417 6384 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:05:34.0451 6384 nvraid - ok
18:05:34.0462 6384 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:05:34.0497 6384 nvstor - ok
18:05:34.0548 6384 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
18:05:34.0612 6384 nvsvc - ok
18:05:34.0704 6384 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:05:34.0786 6384 nvUpdatusService - ok
18:05:34.0812 6384 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:05:34.0846 6384 nv_agp - ok
18:05:34.0928 6384 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:05:34.0971 6384 odserv - ok
18:05:34.0993 6384 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:05:35.0036 6384 ohci1394 - ok
18:05:35.0097 6384 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:05:35.0127 6384 ose - ok
18:05:35.0316 6384 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:05:35.0611 6384 osppsvc - ok
18:05:35.0657 6384 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:05:35.0712 6384 p2pimsvc - ok
18:05:35.0818 6384 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:05:35.0898 6384 p2psvc - ok
18:05:35.0931 6384 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:05:35.0965 6384 Parport - ok
18:05:35.0997 6384 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:05:36.0027 6384 partmgr - ok
18:05:36.0065 6384 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:05:36.0127 6384 PcaSvc - ok
18:05:36.0153 6384 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:05:36.0189 6384 pci - ok
18:05:36.0215 6384 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:05:36.0243 6384 pciide - ok
18:05:36.0256 6384 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:05:36.0292 6384 pcmcia - ok
18:05:36.0303 6384 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:05:36.0332 6384 pcw - ok
18:05:36.0350 6384 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:05:36.0453 6384 PEAUTH - ok
18:05:36.0548 6384 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:05:36.0587 6384 PerfHost - ok
18:05:36.0656 6384 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:05:36.0785 6384 pla - ok
18:05:36.0849 6384 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:05:36.0901 6384 PlugPlay - ok
18:05:36.0946 6384 PnkBstrA - ok
18:05:36.0976 6384 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:05:37.0024 6384 PNRPAutoReg - ok
18:05:37.0057 6384 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:05:37.0097 6384 PNRPsvc - ok
18:05:37.0137 6384 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:05:37.0254 6384 PolicyAgent - ok
18:05:37.0282 6384 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:05:37.0390 6384 Power - ok
18:05:37.0444 6384 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:05:37.0554 6384 PptpMiniport - ok
18:05:37.0578 6384 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:05:37.0626 6384 Processor - ok
18:05:37.0688 6384 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:05:37.0726 6384 ProfSvc - ok
18:05:37.0752 6384 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:37.0784 6384 ProtectedStorage - ok
18:05:37.0841 6384 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:05:37.0947 6384 Psched - ok
18:05:37.0976 6384 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:05:38.0001 6384 PxHlpa64 - ok
18:05:38.0062 6384 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:05:38.0161 6384 ql2300 - ok
18:05:38.0192 6384 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:05:38.0224 6384 ql40xx - ok
18:05:38.0285 6384 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:05:38.0340 6384 QWAVE - ok
18:05:38.0351 6384 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:05:38.0413 6384 QWAVEdrv - ok
18:05:38.0435 6384 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:05:38.0544 6384 RasAcd - ok
18:05:38.0597 6384 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:38.0690 6384 RasAgileVpn - ok
18:05:38.0720 6384 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:05:38.0831 6384 RasAuto - ok
18:05:38.0887 6384 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:38.0989 6384 Rasl2tp - ok
18:05:39.0018 6384 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:05:39.0120 6384 RasMan - ok
18:05:39.0188 6384 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:39.0304 6384 RasPppoe - ok
18:05:39.0336 6384 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:05:39.0442 6384 RasSstp - ok
18:05:39.0463 6384 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:05:39.0578 6384 rdbss - ok
18:05:39.0595 6384 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:05:39.0650 6384 rdpbus - ok
18:05:39.0672 6384 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:39.0766 6384 RDPCDD - ok
18:05:39.0824 6384 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:05:39.0933 6384 RDPENCDD - ok
18:05:39.0958 6384 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:05:40.0053 6384 RDPREFMP - ok
18:05:40.0092 6384 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:05:40.0129 6384 RDPWD - ok
18:05:40.0176 6384 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:05:40.0212 6384 rdyboost - ok
18:05:40.0245 6384 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:05:40.0355 6384 RemoteAccess - ok
18:05:40.0380 6384 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:05:40.0494 6384 RemoteRegistry - ok
18:05:40.0543 6384 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:05:40.0650 6384 RpcEptMapper - ok
18:05:40.0687 6384 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:05:40.0739 6384 RpcLocator - ok
18:05:40.0788 6384 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:05:40.0895 6384 RpcSs - ok
18:05:40.0973 6384 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
18:05:41.0009 6384 RsFx0105 - ok
18:05:41.0064 6384 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:05:41.0158 6384 rspndr - ok
18:05:41.0256 6384 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
18:05:41.0331 6384 RTL8192Ce - ok
18:05:41.0353 6384 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:05:41.0386 6384 SamSs - ok
18:05:41.0407 6384 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:05:41.0438 6384 sbp2port - ok
18:05:41.0478 6384 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:05:41.0580 6384 SCardSvr - ok
18:05:41.0608 6384 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:05:41.0714 6384 scfilter - ok
18:05:41.0762 6384 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:05:41.0905 6384 Schedule - ok
18:05:41.0936 6384 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:05:42.0008 6384 SCPolicySvc - ok
18:05:42.0036 6384 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:05:42.0082 6384 sdbus - ok
18:05:42.0117 6384 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:05:42.0163 6384 SDRSVC - ok
18:05:42.0209 6384 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:05:42.0299 6384 secdrv - ok
18:05:42.0323 6384 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:05:42.0409 6384 seclogon - ok
18:05:42.0430 6384 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:05:42.0521 6384 SENS - ok
18:05:42.0590 6384 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:05:42.0660 6384 SensrSvc - ok
18:05:42.0692 6384 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:05:42.0735 6384 Serenum - ok
18:05:42.0761 6384 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:05:42.0819 6384 Serial - ok
18:05:42.0845 6384 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:05:42.0902 6384 sermouse - ok
18:05:42.0938 6384 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:05:43.0046 6384 SessionEnv - ok
18:05:43.0054 6384 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:05:43.0092 6384 sffdisk - ok
18:05:43.0128 6384 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:05:43.0177 6384 sffp_mmc - ok
18:05:43.0185 6384 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:05:43.0231 6384 sffp_sd - ok
18:05:43.0241 6384 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:05:43.0284 6384 sfloppy - ok
18:05:43.0363 6384 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:05:43.0420 6384 Sftfs - ok
18:05:43.0480 6384 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:05:43.0526 6384 sftlist - ok
18:05:43.0585 6384 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:05:43.0620 6384 Sftplay - ok
18:05:43.0683 6384 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:05:43.0707 6384 Sftredir - ok
18:05:43.0715 6384 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:05:43.0740 6384 Sftvol - ok
18:05:43.0756 6384 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:05:43.0792 6384 sftvsa - ok
18:05:43.0820 6384 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:05:43.0937 6384 SharedAccess - ok
18:05:43.0986 6384 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:44.0102 6384 ShellHWDetection - ok
18:05:44.0141 6384 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:05:44.0170 6384 SiSRaid2 - ok
18:05:44.0192 6384 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:05:44.0223 6384 SiSRaid4 - ok
18:05:44.0405 6384 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:05:44.0601 6384 Skype C2C Service - ok
18:05:44.0677 6384 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:05:44.0705 6384 SkypeUpdate - ok
18:05:44.0745 6384 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:05:44.0848 6384 Smb - ok
18:05:44.0883 6384 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:05:44.0919 6384 SNMPTRAP - ok
18:05:44.0943 6384 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:05:44.0972 6384 spldr - ok
18:05:45.0027 6384 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:05:45.0075 6384 Spooler - ok
18:05:45.0192 6384 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:05:45.0447 6384 sppsvc - ok
18:05:45.0466 6384 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:05:45.0560 6384 sppuinotify - ok
18:05:45.0682 6384 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:05:45.0716 6384 SQLAgent$SQLEXPRESS - ok
18:05:45.0778 6384 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:05:45.0812 6384 SQLBrowser - ok
18:05:45.0911 6384 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:05:45.0940 6384 SQLWriter - ok
18:05:46.0043 6384 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\System32\Drivers\NISx64\1402010.016\SRTSP64.SYS
18:05:46.0100 6384 SRTSP - ok
18:05:46.0127 6384 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS
18:05:46.0152 6384 SRTSPX - ok
18:05:46.0188 6384 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:05:46.0257 6384 srv - ok
18:05:46.0280 6384 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:05:46.0335 6384 srv2 - ok
18:05:46.0348 6384 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:05:46.0383 6384 srvnet - ok
18:05:46.0450 6384 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:05:46.0570 6384 SSDPSRV - ok
18:05:46.0582 6384 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:05:46.0683 6384 SstpSvc - ok
18:05:46.0724 6384 Steam Client Service - ok
18:05:46.0765 6384 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:05:46.0788 6384 stexstor - ok
18:05:46.0846 6384 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:05:46.0920 6384 stisvc - ok
18:05:46.0943 6384 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:05:46.0971 6384 swenum - ok
18:05:47.0007 6384 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:05:47.0132 6384 swprv - ok
18:05:47.0256 6384 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS
18:05:47.0301 6384 SymDS - ok
18:05:47.0353 6384 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS
18:05:47.0427 6384 SymEFA - ok
18:05:47.0502 6384 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:05:47.0531 6384 SymEvent - ok
18:05:47.0571 6384 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS
18:05:47.0604 6384 SymIRON - ok
18:05:47.0643 6384 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS
18:05:47.0686 6384 SymNetS - ok
18:05:47.0771 6384 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:05:47.0857 6384 SynTP - ok
18:05:48.0020 6384 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:05:48.0163 6384 SysMain - ok
18:05:48.0198 6384 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:48.0257 6384 TabletInputService - ok
18:05:48.0282 6384 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:05:48.0384 6384 TapiSrv - ok
18:05:48.0410 6384 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:05:48.0517 6384 TBS - ok
18:05:48.0622 6384 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:05:48.0740 6384 Tcpip - ok
18:05:48.0833 6384 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:05:48.0940 6384 TCPIP6 - ok
18:05:48.0973 6384 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:05:49.0003 6384 tcpipreg - ok
18:05:49.0034 6384 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:05:49.0073 6384 TDPIPE - ok
18:05:49.0105 6384 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:05:49.0135 6384 TDTCP - ok
18:05:49.0180 6384 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:05:49.0287 6384 tdx - ok
18:05:49.0585 6384 [ 01CC3B9349B244C752CDD99EFDA080BB ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
18:05:49.0898 6384 TeamViewer8 - ok
18:05:49.0935 6384 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:05:49.0965 6384 TermDD - ok
18:05:49.0997 6384 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:05:50.0120 6384 TermService - ok
18:05:50.0143 6384 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:05:50.0192 6384 Themes - ok
18:05:50.0226 6384 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:05:50.0322 6384 THREADORDER - ok
18:05:50.0395 6384 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:05:50.0509 6384 TrkWks - ok
18:05:50.0562 6384 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:50.0656 6384 TrustedInstaller - ok
18:05:50.0680 6384 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:50.0788 6384 tssecsrv - ok
18:05:50.0850 6384 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:05:50.0881 6384 TsUsbFlt - ok
18:05:50.0902 6384 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:05:50.0933 6384 TsUsbGD - ok
18:05:50.0984 6384 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:05:51.0092 6384 tunnel - ok
18:05:51.0152 6384 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
18:05:51.0178 6384 TurboB - ok
18:05:51.0222 6384 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:05:51.0252 6384 TurboBoost - ok
18:05:51.0276 6384 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:05:51.0306 6384 uagp35 - ok
18:05:51.0334 6384 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:05:51.0447 6384 udfs - ok
18:05:51.0489 6384 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:05:51.0526 6384 UI0Detect - ok
18:05:51.0563 6384 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:05:51.0592 6384 uliagpkx - ok
18:05:51.0642 6384 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:05:51.0691 6384 umbus - ok
18:05:51.0713 6384 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:05:51.0768 6384 UmPass - ok
18:05:51.0914 6384 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:05:52.0065 6384 UNS - ok
18:05:52.0103 6384 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:05:52.0226 6384 upnphost - ok
18:05:52.0255 6384 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:52.0288 6384 usbccgp - ok
18:05:52.0313 6384 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:05:52.0355 6384 usbcir - ok
18:05:52.0366 6384 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:05:52.0414 6384 usbehci - ok
18:05:52.0450 6384 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
18:05:52.0509 6384 usbhub - ok
18:05:52.0535 6384 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:05:52.0580 6384 usbohci - ok
18:05:52.0625 6384 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:05:52.0679 6384 usbprint - ok
18:05:52.0725 6384 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:05:52.0771 6384 usbscan - ok
18:05:52.0791 6384 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:52.0825 6384 USBSTOR - ok
18:05:52.0847 6384 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:05:52.0887 6384 usbuhci - ok
18:05:52.0944 6384 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:05:52.0988 6384 usbvideo - ok
18:05:53.0008 6384 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:05:53.0118 6384 UxSms - ok
18:05:53.0142 6384 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:05:53.0173 6384 VaultSvc - ok
18:05:53.0198 6384 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:05:53.0226 6384 vdrvroot - ok
18:05:53.0281 6384 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:05:53.0406 6384 vds - ok
18:05:53.0453 6384 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:53.0492 6384 vga - ok
18:05:53.0509 6384 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:05:53.0618 6384 VgaSave - ok
18:05:53.0632 6384 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:05:53.0669 6384 vhdmp - ok
18:05:53.0679 6384 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:05:53.0712 6384 viaide - ok
18:05:53.0721 6384 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:05:53.0750 6384 volmgr - ok
18:05:53.0762 6384 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:05:53.0797 6384 volmgrx - ok
18:05:53.0810 6384 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:05:53.0843 6384 volsnap - ok
18:05:53.0891 6384 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:05:53.0922 6384 vsmraid - ok
18:05:53.0995 6384 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:05:54.0115 6384 VSS - ok
18:05:54.0143 6384 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:05:54.0190 6384 vwifibus - ok
18:05:54.0196 6384 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:05:54.0249 6384 vwififlt - ok
18:05:54.0290 6384 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:05:54.0326 6384 vwifimp - ok
18:05:54.0380 6384 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:05:54.0468 6384 W32Time - ok
18:05:54.0502 6384 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:05:54.0544 6384 WacomPen - ok
18:05:54.0599 6384 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:05:54.0707 6384 WANARP - ok
18:05:54.0715 6384 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:05:54.0807 6384 Wanarpv6 - ok
18:05:54.0944 6384 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
18:05:55.0001 6384 WAS - ok
18:05:55.0068 6384 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:05:55.0167 6384 wbengine - ok
18:05:55.0181 6384 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:05:55.0235 6384 WbioSrvc - ok
18:05:55.0272 6384 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:05:55.0345 6384 wcncsvc - ok
18:05:55.0371 6384 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:55.0415 6384 WcsPlugInService - ok
18:05:55.0449 6384 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:05:55.0480 6384 Wd - ok
18:05:55.0542 6384 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:05:55.0608 6384 Wdf01000 - ok
18:05:55.0647 6384 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:05:55.0716 6384 WdiServiceHost - ok
18:05:55.0724 6384 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:05:55.0774 6384 WdiSystemHost - ok
18:05:55.0786 6384 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:05:55.0847 6384 WebClient - ok
18:05:55.0882 6384 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:05:56.0002 6384 Wecsvc - ok
18:05:56.0023 6384 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:05:56.0122 6384 wercplsupport - ok
18:05:56.0170 6384 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:05:56.0247 6384 WerSvc - ok
18:05:56.0295 6384 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:56.0369 6384 WfpLwf - ok
18:05:56.0381 6384 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:05:56.0404 6384 WIMMount - ok
18:05:56.0431 6384 WinDefend - ok
18:05:56.0554 6384 [ CA84C2A0D1F70AF0A990130BB3CF4AAD ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
18:05:56.0604 6384 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
18:05:56.0605 6384 Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
18:05:56.0611 6384 WinHttpAutoProxySvc - ok
18:05:56.0685 6384 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:05:56.0785 6384 Winmgmt - ok
18:05:56.0864 6384 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:05:57.0025 6384 WinRM - ok
18:05:57.0128 6384 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:05:57.0173 6384 WinUsb - ok
18:05:57.0230 6384 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:05:57.0317 6384 Wlansvc - ok
18:05:57.0371 6384 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:05:57.0396 6384 wlcrasvc - ok
18:05:57.0516 6384 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:05:57.0647 6384 wlidsvc - ok
18:05:57.0706 6384 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:05:57.0747 6384 WmiAcpi - ok
18:05:57.0785 6384 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:05:57.0844 6384 wmiApSrv - ok
18:05:57.0900 6384 WMPNetworkSvc - ok
18:05:57.0939 6384 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:05:57.0973 6384 WPCSvc - ok
18:05:57.0988 6384 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:05:58.0030 6384 WPDBusEnum - ok
18:05:58.0062 6384 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:05:58.0156 6384 ws2ifsl - ok
18:05:58.0184 6384 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:05:58.0256 6384 wscsvc - ok
18:05:58.0319 6384 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:05:58.0355 6384 WSDPrintDevice - ok
18:05:58.0372 6384 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
18:05:58.0405 6384 WSDScan - ok
18:05:58.0411 6384 WSearch - ok
18:05:58.0507 6384 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:05:58.0644 6384 wuauserv - ok
18:05:58.0674 6384 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:05:58.0717 6384 WudfPf - ok
18:05:58.0791 6384 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:58.0840 6384 WUDFRd - ok
18:05:58.0868 6384 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:05:58.0928 6384 wudfsvc - ok
18:05:58.0971 6384 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:05:59.0042 6384 WwanSvc - ok
18:05:59.0091 6384 ================ Scan global ===============================
18:05:59.0129 6384 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:05:59.0184 6384 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:05:59.0204 6384 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:05:59.0242 6384 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:05:59.0263 6384 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:05:59.0271 6384 [Global] - ok
18:05:59.0272 6384 ================ Scan MBR ==================================
18:05:59.0287 6384 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:06:00.0242 6384 \Device\Harddisk0\DR0 - ok
18:06:00.0243 6384 ================ Scan VBR ==================================
18:06:00.0269 6384 [ CBB06B8DA6700E514D20795F688BC745 ] \Device\Harddisk0\DR0\Partition1
18:06:00.0273 6384 \Device\Harddisk0\DR0\Partition1 - ok
18:06:00.0281 6384 [ 9CBB22552D491F9B7608604E849083A6 ] \Device\Harddisk0\DR0\Partition2
18:06:00.0286 6384 \Device\Harddisk0\DR0\Partition2 - ok
18:06:00.0287 6384 ============================================================
18:06:00.0287 6384 Scan finished
18:06:00.0287 6384 ============================================================
18:06:00.0307 4412 Detected object count: 3
18:06:00.0307 4412 Actual detected object count: 3
18:23:38.0205 4412 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:23:38.0205 4412 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:23:38.0209 4412 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:38.0209 4412 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:38.0210 4412 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:38.0210 4412 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.03.2013, 21:16
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.03.2013, 23:29
| #9 |
| | Unbekannten Trojaner von Freund aufgespielt Ich wäre beinahe eingeschlafen^^ Combofix-Log: Code:
ATTFilter ComboFix 13-03-11.01 - Phil 11.03.2013 22:28:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5721 [GMT 1:00]
ausgeführt von:: c:\users\Phil\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\cs.exe
c:\users\Phil\AppData\Local\assembly\tmp
c:\users\Phil\HijackThis.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 ))))))))))))))))))))))))))))))
.
.
2013-03-11 21:53 . 2013-03-11 21:53 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-11 21:53 . 2013-03-11 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-11 21:53 . 2013-03-11 21:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-10 22:55 . 2013-03-10 22:55 -------- d-----w- c:\users\Phil\AppData\Roaming\Malwarebytes
2013-03-10 22:55 . 2013-03-10 22:55 -------- d-----w- c:\programdata\Malwarebytes
2013-03-10 22:55 . 2013-03-10 22:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-10 22:55 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 22:54 . 2013-03-10 22:54 -------- d-----w- c:\users\Phil\AppData\Local\Programs
2013-03-10 15:28 . 2013-03-10 15:28 -------- d-----w- c:\program files\Common Files\EPSON
2013-03-09 11:47 . 2013-03-09 11:47 -------- d-----w- c:\program files\Windows7FirewallControl
2013-03-08 23:51 . 2013-03-08 23:51 -------- d-----w- c:\program files (x86)\TeamViewer
2013-03-07 14:23 . 2013-03-07 14:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 14:23 . 2013-03-07 14:23 -------- d-----w- c:\program files (x86)\Java
2013-03-06 13:16 . 2013-03-06 13:16 -------- d-----w- C:\mysql-connector-java-5.1.23
2013-03-03 21:09 . 2013-03-03 21:09 -------- d-----w- c:\users\Phil\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions
2013-03-03 21:08 . 2013-03-03 21:08 -------- d-----w- c:\users\Phil\tbs_logs
2013-03-03 13:51 . 2013-03-03 13:53 -------- d-----w- c:\users\Phil\SE
2013-02-21 16:12 . 2013-03-11 21:55 -------- d-----w- c:\users\Phil\AppData\Local\LogMeIn Hamachi
2013-02-21 16:02 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-02-15 20:28 . 2013-02-21 16:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-02-14 09:43 . 2013-02-14 09:44 -------- d-----w- C:\86459a736a6f833b85af29485e581c
2013-02-14 09:36 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:36 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:50 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 10:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 10:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 10:49 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 10:49 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 10:49 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 10:49 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 10:49 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 10:49 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 10:49 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 10:49 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 10:49 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 11:39 . 2013-02-11 11:39 -------- d-----w- c:\users\Phil\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 14:23 . 2012-07-07 13:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-07 14:23 . 2012-07-07 13:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-27 10:28 . 2012-07-06 09:39 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 10:28 . 2012-02-07 09:51 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 09:44 . 2012-07-07 11:06 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 10:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 00:22 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 00:22 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 00:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 00:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 13:21 128064 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
"Spotify Web Helper"="c:\users\Phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-06 1103768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Spotify"="c:\users\Phil\AppData\Roaming\Spotify\Spotify.exe" [2013-03-06 4477336]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Phil\Desktop\mbar\mbar.exe" [2013-03-11 1363016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-11 135824]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130308.001\IDSvia64.sys [2013-02-20 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2012-04-05 255376]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2012-09-21 764416]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-02-02 138912]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-03-01 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26811534
*NewlyCreated* - ASWMBR
*Deregistered* - 26811534
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 10:28]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 23:54]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 23:54]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-47029471-2999377189-3441408428-1001Core.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 14:10]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-47029471-2999377189-3441408428-1001UA.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 14:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1132032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\c7jwqzx6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-11 12:38; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\c7jwqzx6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-GameShadow - c:\program files (x86)\GameShadow\GameShadow.exe
Wow6432Node-HKCU-Run-eType - c:\users\Phil\AppData\Roaming\eType\eType.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Phil\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-Guard.Mail.ru.gui - c:\program files (x86)\Guard-ICQ\GuardICQ.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Guard.Mail.ru - c:\program files (x86)\Guard-ICQ\GuardICQ.exe
AddRemove-Akamai - c:\users\Phil\AppData\Local\Akamai\uninstall.exe
AddRemove-eType - c:\users\Phil\AppData\Roaming\eType\eTypeUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11 23:26:26
ComboFix-quarantined-files.txt 2013-03-11 22:26
.
Vor Suchlauf: 16 Verzeichnis(se), 501.157.285.888 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 503.355.486.208 Bytes frei
.
- - End Of File - - 85E99EEF322532DE99A3010F6352DA3A
|
|
12.03.2013, 16:37
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 14:36
| #11 |
| | Unbekannten Trojaner von Freund aufgespielt Zunächst mal JRT-Log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Phil on 13.03.2013 at 13:52:34,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\dsnr labs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\icq service.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Users\Phil\AppData\Roaming\microsoft\windows\start menu\programs\etype"
~~~ FireFox
Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\user.js
Successfully deleted the following from C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\prefs.js
user_pref("browser.newtabpage.blocked", "{\"MZwOivqhwROl3AAFthn+Ig==\":1,\"I6TBWqOCccVKCNlp98iTUQ==\":1,\"sg0zLJZm2AZ7F+zj6WIRxA==\":1,\"sZzutuXnj2y428KnF70Cyw==\":1,\"J0tzMZ/
Emptied folder: C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\minidumps [187 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 14:17:23,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adw log: Code:
ATTFilter # AdwCleaner v2.114 - Datei am 13/03/2013 um 14:42:20 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Phil - MASTER-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Phil\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\c7jwqzx6.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\c7jwqzx6.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.1689] : homepage = "hxxp://start.icq.com/",
-\\ Opera v12.14.1738.0
Datei : C:\Users\Phil\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2107 octets] - [13/03/2013 14:42:20]
########## EOF - C:\AdwCleaner[S1].txt - [2167 octets] ##########
Code:
ATTFilter OTL logfile created on: 13.03.2013 14:52:29 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,36% Memory free 15,71 Gb Paging File | 13,34 Gb Available in Paging File | 84,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 678,54 Gb Total Space | 442,68 Gb Free Space | 65,24% Space Free | Partition Type: NTFS Computer Name: MASTER-LAPTOP | User Name: Phil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Phil\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Phil\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\Phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Phil\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.1.22\wincfi39.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Services (SafeList) ========== SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Windows7FirewallService) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation) DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130313.002\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130313.002\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0 FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: scriptish%40erikvold.com:0.1.8 FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.02.22 00:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.03.13 14:49:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 20:16:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 20:16:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.06 10:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Extensions [2013.02.24 13:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\c7jwqzx6.default\extensions [2013.02.24 13:40:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\c7jwqzx6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.07 19:14:57 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\c7jwqzx6.default\extensions\battlefieldheroespatcher@ea.com [2012.10.06 12:38:08 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\c7jwqzx6.default\extensions\battlefieldplay4free@ea.com [2012.11.03 23:26:33 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\extensions\ciuvo-extension@icq.de.xpi [2012.10.03 10:02:53 | 000,235,457 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\extensions\scriptish@erikvold.com.xpi [2013.02.14 12:43:49 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.08 23:50:57 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\c7jwqzx6.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013.03.13 12:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.22 00:19:23 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPLGN [2013.03.08 20:16:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.27 13:10:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.27 13:10:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.27 13:10:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 13:10:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 13:10:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 13:10:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Phil\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Norton Identity Protection = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\ CHR - Extension: Minecraft = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlpgoledhpdldmmhcgfcaecodnkmoiea\0.0.0.8_0\ CHR - Extension: CS Portable = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkfbfebopikmbphmahljchancjmmmpj\1.0.1_0\ O1 HOSTS File: ([2013.03.11 22:54:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" File not found O4 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001..\Run: [Spotify] C:\Users\Phil\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001..\Run: [Spotify Web Helper] C:\Users\Phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-47029471-2999377189-3441408428-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB837B6-D28B-4040-8F80-86258E981F7E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 13:52:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.13 13:51:31 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Phil\Desktop\jrt.exe [2013.03.13 13:49:04 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.13 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Phil\Backup_Daten [2013.03.13 12:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.13 12:39:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.13 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.12 14:57:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.11 22:25:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.11 22:25:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.11 22:25:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.11 22:25:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.11 22:24:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.11 22:02:13 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe [2013.03.11 18:03:17 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Phil\Desktop\tdsskiller.exe [2013.03.11 16:18:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Phil\Desktop\aswMBR.exe [2013.03.11 16:13:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\mbar [2013.03.10 23:55:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Malwarebytes [2013.03.10 23:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.10 23:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.10 23:55:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.10 23:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.10 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\Programs [2013.03.10 16:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON [2013.03.09 23:41:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\Documents\upload [2013.03.09 12:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl [2013.03.09 12:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl [2013.03.09 00:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.03.08 20:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.07 15:23:47 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:23:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:23:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 15:23:23 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 15:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.06 14:16:51 | 000,000,000 | ---D | C] -- C:\mysql-connector-java-5.1.23 [2013.03.03 22:09:05 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions [2013.03.03 22:08:48 | 000,000,000 | ---D | C] -- C:\Users\Phil\tbs_logs [2013.03.03 14:51:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\SE [2013.02.28 00:04:55 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 00:04:55 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 00:04:55 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 00:04:55 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 00:04:54 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 00:04:54 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 00:04:52 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 00:04:52 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 00:04:52 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 00:04:52 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 00:04:52 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 00:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 00:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 00:04:52 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 00:04:52 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 00:04:51 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 00:04:50 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 00:04:50 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 00:04:50 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 00:04:50 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 00:04:50 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 00:04:50 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 00:04:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 00:04:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 00:04:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 00:04:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 00:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 00:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 00:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 00:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 00:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 00:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 00:04:49 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 00:04:49 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 00:04:49 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 00:04:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 00:04:48 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 00:04:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 00:04:48 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 00:04:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 00:04:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.21 17:12:42 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\LogMeIn Hamachi [2013.02.21 17:02:17 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.02.21 17:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.02.15 21:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.02.15 13:20:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.14 10:43:48 | 000,000,000 | ---D | C] -- C:\86459a736a6f833b85af29485e581c [2013.02.14 00:18:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 00:18:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 00:18:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 00:18:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 00:18:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 00:18:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 00:18:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 00:18:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 00:18:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 00:18:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 00:18:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 00:18:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 00:18:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 00:18:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 00:18:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 11:50:07 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 11:50:06 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 11:50:06 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 11:49:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:49:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:49:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:49:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:49:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:49:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:49:55 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.13 14:55:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 14:55:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 14:49:22 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-47029471-2999377189-3441408428-1001UA.job [2013.03.13 14:45:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.13 14:44:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 14:44:18 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 14:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.13 14:04:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.13 13:51:31 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Phil\Desktop\jrt.exe [2013.03.13 13:45:27 | 000,597,667 | ---- | M] () -- C:\Users\Phil\Desktop\adwcleaner.exe [2013.03.13 12:39:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.12 23:57:58 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-47029471-2999377189-3441408428-1001Core.job [2013.03.11 22:54:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.11 22:02:37 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe [2013.03.11 18:03:37 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Phil\Desktop\tdsskiller.exe [2013.03.11 16:19:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Phil\Desktop\aswMBR.exe [2013.03.11 00:28:22 | 000,217,495 | ---- | M] () -- C:\Users\Phil\Documents\upload.zip [2013.03.10 23:55:16 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.09 20:56:01 | 000,000,000 | ---- | M] () -- C:\Users\Phil\defogger_reenable [2013.03.09 20:54:25 | 000,050,477 | ---- | M] () -- C:\Users\Phil\Desktop\Defogger.exe [2013.03.09 03:24:16 | 000,003,656 | ---- | M] () -- C:\{3727E2AC-F4CE-45F7-BB32-9F396FDEA6AE} [2013.03.09 03:12:28 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.09 03:09:55 | 000,355,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.09 00:51:09 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.07 15:23:07 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 15:23:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.07 15:23:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 15:23:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:23:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:23:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 12:51:06 | 000,002,376 | ---- | M] () -- C:\Users\Phil\Desktop\Google Chrome.lnk [2013.03.02 18:27:12 | 000,356,209 | ---- | M] () -- C:\Users\Phil\Desktop\src.rar [2013.03.02 18:27:03 | 000,012,018 | ---- | M] () -- C:\Users\Phil\Desktop\pacmanGuiSource.rar [2013.02.27 11:28:01 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 11:28:01 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.23 19:04:14 | 001,896,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.23 19:04:14 | 000,799,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.23 19:04:14 | 000,748,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.23 19:04:14 | 000,189,086 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.23 19:04:14 | 000,158,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.23 15:07:32 | 000,001,504 | ---- | M] () -- C:\Users\Phil\Desktop\Anno1701 - Verknüpfung.lnk [2013.02.22 15:31:36 | 430,124,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.21 17:02:14 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.13 13:45:26 | 000,597,667 | ---- | C] () -- C:\Users\Phil\Desktop\adwcleaner.exe [2013.03.13 12:39:33 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.11 22:25:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.11 22:25:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.11 22:25:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.11 22:25:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.11 22:25:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.10 23:55:16 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.09 23:46:25 | 000,217,495 | ---- | C] () -- C:\Users\Phil\Documents\upload.zip [2013.03.09 20:56:01 | 000,000,000 | ---- | C] () -- C:\Users\Phil\defogger_reenable [2013.03.09 20:54:25 | 000,050,477 | ---- | C] () -- C:\Users\Phil\Desktop\Defogger.exe [2013.03.09 03:24:15 | 000,003,656 | ---- | C] () -- C:\{3727E2AC-F4CE-45F7-BB32-9F396FDEA6AE} [2013.03.09 03:12:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.09 00:51:09 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.03.09 00:51:09 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.02 18:27:02 | 000,012,018 | ---- | C] () -- C:\Users\Phil\Desktop\pacmanGuiSource.rar [2013.02.23 15:07:32 | 000,001,504 | ---- | C] () -- C:\Users\Phil\Desktop\Anno1701 - Verknüpfung.lnk [2013.02.21 17:01:04 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.02.15 13:20:40 | 430,124,518 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.12 05:00:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2013.01.10 04:01:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2013.01.10 04:00:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.01.10 03:59:30 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.09.14 16:15:33 | 000,000,829 | ---- | C] () -- C:\Users\Phil\AppData\Local\recently-used.xbel [2012.07.21 16:52:16 | 000,195,499 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe [2012.07.07 20:01:34 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.07 20:01:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.07 19:26:38 | 000,007,599 | ---- | C] () -- C:\Users\Phil\AppData\Local\Resmon.ResmonCfg [2012.07.07 02:17:28 | 001,874,330 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.07 10:00:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.07 10:00:24 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.07 10:00:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.07 10:00:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.07 10:00:23 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
13.03.2013, 15:13
| #12 |
| | Unbekannten Trojaner von Freund aufgespielt Otl-Extras: Code:
ATTFilter OTL Extras logfile created on: 13.03.2013 14:52:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,86 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,36% Memory free
15,71 Gb Paging File | 13,34 Gb Available in Paging File | 84,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 442,68 Gb Free Space | 65,24% Space Free | Partition Type: NTFS
Computer Name: MASTER-LAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-47029471-2999377189-3441408428-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BE64B3-78ED-4E6E-B6A0-AD40A70A5D49}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D649601-8261-49D7-A77E-AFB179683E90}" = lport=138 | protocol=17 | dir=in | app=system |
"{16C7FCA7-0992-4741-A6CC-A200D69AE4F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{2C7C60B5-9B59-4EBA-A591-07C5C92AA5E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F953598-4A97-4FAC-96C7-5391825D9683}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31D7B1D3-3594-419F-BD06-F250CA919243}" = lport=137 | protocol=17 | dir=in | app=system |
"{44866784-5154-4A8A-A6AC-6909D0B6ECF9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49C6729C-D229-4A24-B52C-FA2C53098E98}" = rport=137 | protocol=17 | dir=out | app=system |
"{53C26DD0-5D24-4D69-8F0D-BD933D004DB5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{56A99139-2296-4A22-A3D2-431A19BF6F7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6697EAA1-178B-41DB-BF82-B8DB9D285C52}" = lport=2869 | protocol=6 | dir=in | app=system |
"{692B4CB1-4769-45EA-893A-D697E5EA91EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7437839A-98C3-4492-B305-2508A11FCB48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7727BEA8-3631-40B5-8233-55AA922B53C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87C7CB88-ED6C-4B90-BB63-212D04F69DF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8806BABC-3605-4A24-AADE-42DC2B135361}" = lport=445 | protocol=6 | dir=in | app=system |
"{8A48F042-376F-4A50-94E6-A5B9BDCD14CD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8FC3F4D9-DE48-43FE-BCA1-E5B030DE32C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92AD8830-25C7-4BEE-95DA-72B8E71AFA1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADC92504-007C-4BDF-AEFF-D6B842339CCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9DE6ABA-AE06-4BBD-9B0E-A3FA5160A805}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1936BBF-3274-4E11-A5E4-35FFFD4D28C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7B81799-CEF8-4F33-A662-50476A3FEE4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF9964D3-40DE-4C91-9FAD-06253B3C4122}" = rport=138 | protocol=17 | dir=out | app=system |
"{DFF7383C-74E6-4FB3-8482-B2A8CCFABE18}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E1ACCF22-1224-449A-ABE9-2E9B39AB3A36}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7253288-84E9-4197-AD29-82F21ED6BB85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA9DD455-A7E3-4F1B-B975-EB9325625730}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F33A903E-EA40-47C4-A878-489B6AA0501A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F365FDA3-3034-42D0-9FFD-7960353AB5A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F8061E0C-923E-4B26-8E1F-C7D4709004C5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F95A44D5-14F8-4288-81F4-22E3FBCDAB70}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD50740F-7C1C-44E3-AC1D-EA0D52AFAEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003ACFB3-413D-4D64-BB61-3D245F81FFBC}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe |
"{0258991B-B7C5-4029-9DEB-A31F7111633B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{0895C356-8DC9-4577-81A5-14573C42EAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{08F66B54-4B77-461A-BEDA-FCD0A4E76042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A4F2967-BA72-4CB2-9E4F-1BF962D22CD8}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
"{10E38DDF-0675-4A61-8BE5-44ADB067347C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{144DDD94-205A-4FC6-8FC8-1DC2F5BE9207}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18701F81-2764-47DB-BC42-433719AE0C92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1A3A81AC-39A6-4E03-94E9-B2B3B39C532F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D9ABDD8-0C3F-43CE-B70F-9821F2AD7336}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30F04DD9-7639-4BAF-A650-FE60A21BE2F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3249ABE4-0DAD-4CC2-906C-C956F01E25C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BC1787C-7643-447E-8B2C-71676D300DAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D1FBEA4-AAD8-4B4C-AF80-EB181A126B50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{404813EB-563B-449B-BF0C-F8913C2FF8A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{429DD069-17A4-42D0-95BD-E1EECB2890C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4552BFA7-540D-41AB-B3B7-C5EAEEFB3A5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4791605D-8B05-444D-B946-57444206A11D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49FEFCE5-7E38-4CD4-9D8A-8A4AE70C8DFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C6678A2-2CB3-4FF0-A58E-71C575EBD1BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4C780D21-AD16-4B70-9B71-17945A18FB9A}" = protocol=17 | dir=in | app=c:\program files (x86)\age of mythology\aom.exe |
"{5769DED1-8E42-4F3E-9318-B80DBC2D691E}" = protocol=6 | dir=out | app=system |
"{57A7A092-40C3-43B9-AC37-B07890F6A8A5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{586F5109-57A3-4C72-B25C-4AB50BC52A95}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{591D60A4-18D0-4AE6-B7F4-1533A69320C2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{5A73F167-C5DF-471B-8AB2-8F36DB114413}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{5BF1F76E-0EFB-430C-B2C0-4C21171FA25B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5C3728EB-3E91-4686-A58B-16563AC3837A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E766A2B-F982-4572-B602-F2691D79AF3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6326740D-FDA4-4485-A1D9-684581AC0575}" = protocol=17 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{642E56C7-8D10-4851-8D29-880515FCE4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{676880DC-78AD-4233-8AEF-3EA4F39F060C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{6E29B333-7988-4599-A237-658CCFBAB29F}" = protocol=58 | dir=in | app=system |
"{726BB918-B6C5-4FF8-9C87-EDC53367EE9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{73EECAA6-FA9B-4CF3-AC02-188D08684F11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{74F5FD49-8615-4FBA-9BD6-66C7686EDC01}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{76445EC1-D268-4223-88EA-90ACAFE33225}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CF32F15-6D72-46FF-82C3-ABA383928C1E}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{8693A022-44A1-412D-9FB9-7585A65EC521}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DAC2200-5C68-492E-AAD5-E75783641DF3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{951411D0-F047-4251-9AA7-5729212D2267}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{97ED9792-C951-43CF-97A1-569E4BF8B60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A9C0591-A86C-464C-B0CF-EFC9AE518883}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B39E3FF-436C-4D51-B6DE-94B0692CA6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9CA123D2-192F-4EC2-A738-B4BEE7047E3F}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
"{A0514308-6731-4C1F-AD18-97D00B1413E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1DA9F8E-4D8B-46C8-A3FF-FE678226A02F}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{A4ACA2A8-EF21-41DF-A159-C2BD0C513255}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A5EE1C59-AF3C-457C-A4DC-7E015F896B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A78F247D-649B-4484-9D2C-4154CC60E834}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B49EEA62-415D-47E9-9466-4AA8BCC6DA64}" = protocol=6 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{B62EF23F-A35B-4A60-931A-D1525C0E0329}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B7FDE5A6-96A4-4962-9D5F-FAAB0A610A70}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{BA747FBD-7B6C-40F6-BA06-9C1309D5F15C}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{BBF93408-D976-4679-BAA6-496340B82196}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{BCDDC42A-7C15-4773-B64E-76DAA08F7CC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C4499BE2-BA4D-4152-9B81-7DFB2B9249E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{C9D4369B-F43B-43B2-968E-C8786870635F}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe |
"{CB8C8179-DEE2-488A-99B3-EEE4B58DB707}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{D4FE5777-F9B6-477E-8772-6854153DAB93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{D5DB0B1C-0082-4E1C-B29D-69732E0E45C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{DFCF2029-2517-4276-9875-0D17035563B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2FB26BD-8527-432C-9230-2A7D6B8143EA}" = protocol=6 | dir=in | app=c:\program files (x86)\age of mythology\aom.exe |
"{E66B50A8-77C4-47B4-8313-C85C55565DA9}" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\akamai\netsession_win.exe |
"{EC7BEF68-FF2F-4053-8C64-CE86A1AC8759}" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\akamai\netsession_win.exe |
"{EE409D05-A01E-4AB5-8320-3208187C48F8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EF5B5C1C-2022-4C01-8146-038DCBD4535B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F1D5E3C6-2164-410F-9021-631FBA18A551}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{F8726EA8-2204-46D2-ACC2-47595198B2AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"TCP Query User{020AFB81-3A52-4FDB-B1DA-DEA47C7346EE}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{16388106-2AFB-4240-8A5C-F3CBDBF05BAC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{51327A61-5D6F-4E60-B651-D79D7EF491AF}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{5D27D074-61B9-4DE5-A315-FE846E4FBA8C}C:\users\phil\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6D35D8A5-D8BC-48FD-9E4D-4CBA15847F70}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{73024FEC-97BA-43E4-9D3A-5521A058BDE7}C:\program files (x86)\topware\kam - the peasants rebellion\km_tpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\topware\kam - the peasants rebellion\km_tpr.exe |
"TCP Query User{941F404F-E73B-4370-B3FE-08CC28CF08B6}C:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"TCP Query User{A128B2B3-2EC6-40FF-AD91-51597A45519F}C:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
"TCP Query User{C4ED909E-94B7-4BD9-ADA4-15A70FE355B2}C:\users\phil\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\phil\appdata\local\akamai\netsession_win.exe |
"TCP Query User{CE58EC52-B553-4FB0-861A-EAC7E6A47C9C}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"TCP Query User{D15A1906-6D6E-40C1-8CE0-C92827EBBBF1}C:\kam remake\kam_remake.exe" = protocol=6 | dir=in | app=c:\kam remake\kam_remake.exe |
"TCP Query User{D376624A-4CB6-40A0-9698-1D93C67A2F17}C:\users\phil\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E50C93B9-0891-4236-B8BC-4948217EDD7D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{E8316253-113F-4688-A2C1-9E52A4470BA9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{F424F1FC-CD0E-4A18-904B-13F8EED7B756}C:\program files (x86)\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of mythology\aom.exe |
"TCP Query User{F57E5620-FC30-454F-B681-BC620B6400AE}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{21538C1F-B573-469E-B52D-B298F6D15669}C:\program files (x86)\topware\kam - the peasants rebellion\km_tpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\topware\kam - the peasants rebellion\km_tpr.exe |
"UDP Query User{434B5F84-5773-4F76-9C85-2429C25F328D}C:\users\phil\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\spotify\spotify.exe |
"UDP Query User{45FF84DA-771E-4F2F-A738-4ED2B4114148}C:\program files (x86)\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of mythology\aom.exe |
"UDP Query User{61AFD843-CABD-4613-ACFE-5C88D40119EC}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{69CD0807-C71B-479C-9380-BC134042957B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{757D3341-E64F-46E0-BC5F-287FAC5A2795}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{ABAF7DDC-C9E9-46E5-81B6-4D1A470BEAF8}C:\users\phil\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\phil\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B1A91A9F-B215-4CC9-8C25-6389B3E9CDB2}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
"UDP Query User{BBABE26E-7328-437D-90EF-04826DFB12FA}C:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"UDP Query User{BBFE3CA9-788B-464C-902F-CC853987A5D8}C:\users\phil\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C0F76651-F96C-418B-B209-0B5DD36906AD}C:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
"UDP Query User{C1F223B1-6B1B-4D50-9F0D-FF437707267D}C:\kam remake\kam_remake.exe" = protocol=17 | dir=in | app=c:\kam remake\kam_remake.exe |
"UDP Query User{C3FAB471-763A-4ECE-BA65-305713481508}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"UDP Query User{C448807C-2EA4-4951-B924-7F5C187D083A}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C7A85EE0-D449-4011-80F9-DB7F3F5C7E5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{EDD1053E-1CBB-4642-8F63-0D78ADE2F541}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2D2AA3BA-A945-40AD-9B81-23A98C89B2D0}" = Treiber-Studio 2013
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"EPSON WF-3520 Series" = EPSON WF-3520 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Opera 12.50.1497" = Opera Next 12.50 internal build 1497
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 5.1.7.69
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F01524C-0676-4CC1-B4AE-64753C723391}" = Epson Event Manager
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDE049C8-E4B2-4EB5-A534-CF5C581F5D32}_is1" = KaM Remake Full r3392
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Akamai" = Akamai NetSession Interface Service
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DarkWave Studio" = DarkWave Studio 4.0.9
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Epson Connect Guide" = Anleitung für Epson Connect
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FoozKids" = Fooz Kids
"Guard.Mail.ru" = Guard.ICQ
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"IntelliJ IDEA Community Edition 12.0" = IntelliJ IDEA Community Edition 12.0
"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion
"Kino Mogul" = Kino Mogul
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NClass_is1" = NClass 2.04
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"Opera 12.14.1738" = Opera 12.14
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Paintball2" = Paintball2 Alpha build 36
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"PremElem90" = Adobe Premiere Elements 9
"PunkBusterSvc" = PunkBuster Services
"RarZilla Free Unrar" = RarZilla Free Unrar
"Steam App 10500" = Empire: Total War
"Steam App 218" = Source SDK Base 2007
"Steam App 219340" = The Banner Saga: Factions
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 8" = TeamViewer 8
"WF-3520 Series Netg" = Epson Netzwerkhandbuch WF-3520 Series
"WF-3520 Series Useg" = Epson Benutzerhandbuch WF-3520 Series
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-05f67539-73d5-40ab-9168-efdb4de035a9" = Wedding Dash
"WTA-11e37e07-3696-494f-9746-02c40ed5f62a" = Zuma Deluxe
"WTA-123f7808-7357-48cb-8d4c-255bd9bc4f77" = FATE
"WTA-1abd99b9-52f2-40b2-8127-b59c6cc24444" = Jewel Match 3
"WTA-223a2ac3-8096-42c4-8699-e985aa588fae" = John Deere Drive Green
"WTA-24503b05-960c-479d-bbe7-6941daf20c67" = Torchlight
"WTA-2d637f34-cfca-4667-b45f-bf01d0a3587c" = Final Drive: Nitro
"WTA-31501cde-e7c1-458f-aa69-3e81cb605251" = Mystery of Mortlake Mansion
"WTA-3281bcda-c280-448c-9592-b05e55a6b00e" = Penguins!
"WTA-54ba6fc1-c61d-4748-88c9-02feedbae1af" = Chuzzle Deluxe
"WTA-5505a5e7-46f0-48a7-9b1b-bd64bafb0473" = Virtual Villagers 4 - The Tree of Life
"WTA-5bdfa405-01fa-4711-beef-7d7ac209cec6" = Slingo Deluxe
"WTA-6fab9862-cac1-4b3f-a473-37d17c35d490" = Polar Bowler
"WTA-780574fc-08dc-49fc-8e2c-28d68070515f" = Agatha Christie - Death on the Nile
"WTA-7925a6f0-e093-40f0-a410-795a85413060" = Crazy Chicken Kart 2
"WTA-9ed5e2ca-d7a3-456d-b942-bde09f7bf94b" = Bejeweled 2 Deluxe
"WTA-b1b6b9ca-00db-40d3-a245-da05f9c8c758" = Plants vs. Zombies - Game of the Year
"WTA-b8e47eb2-cb02-4dee-81a2-c7772fe5e80e" = Jewel Quest Solitaire
"WTA-e6a6755d-7072-4cb8-bbf6-8987574c2d74" = Insaniquarium Deluxe
"xampp" = XAMPP 1.8.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-47029471-2999377189-3441408428-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Tropico 4" = Tropico 4 1.00
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2013 09:47:23 | Computer Name = Master-Laptop | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 28.11.2012 17:17:10 | Computer Name = Master-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 30659 seconds with 3480 seconds of active time. This session ended with
a crash.
[ System Events ]
Error - 13.03.2013 09:35:06 | Computer Name = Master-Laptop | Source = DCOM | ID = 10010
Description =
Error - 13.03.2013 09:46:04 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SQL Server (SQLEXPRESS) erreicht.
Error - 13.03.2013 09:46:04 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 13.03.2013 09:46:15 | Computer Name = Master-Laptop | Source = DCOM | ID = 10016
Description =
Error - 13.03.2013 09:46:35 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Net.Tcp-Portfreigabedienst erreicht.
Error - 13.03.2013 09:46:35 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Net.Tcp-Portfreigabedienst" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 13.03.2013 09:47:27 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 13.03.2013 09:50:40 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 13.03.2013 09:50:40 | Computer Name = Master-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
13.03.2013, 16:11
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 16:26
| #14 |
| | Unbekannten Trojaner von Freund aufgespielt Hier zunächst mal MBAM, scheint clean^^: Code:
ATTFilter alwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.13.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Phil :: MASTER-LAPTOP [Administrator] 13.03.2013 16:17:02 mbam-log-2013-03-13 (16-17-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 259689 Laufzeit: 7 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.03.2013, 19:10
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannten Trojaner von Freund aufgespielt Bitte das Log von ESET auch posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Unbekannten Trojaner von Freund aufgespielt |
| anhang, datei getarnt, dateien, exe, folge, folgendes, freund, gelöscht, heute, keine viren, komplett, löschen, namen, neue, nicht löschen, nicht mehr, problem, remote, scan, selbst entpackend, shell, skype, trojaner, unbekannt, unbekannte, unterbinden, verbindung, verhindert, viren, virus |
Linear-Darstellung
